Earlier today I read an article that advised users of the iPhone running iOS 4.1 and 4.2 Beta that even with a passcode on your phone it was possible to bypass the code to make a call. The way this works is that you need to go to the Emergency Call screen enter any number (not 999 or 911 or whatever your local emergency call number is), press the green call button and immediately press the power button. Surely enough when you do this you are taken through to the phone option on that device. You can then either dial one of the user’s contacts or use the keypad to dial another number.
However, not only can you then make a call but you also have access to the users contact list and can also send emails. This can be achieved by accessing a contact and then selecting Share Contact. Next choose email and you now are into the users email client. Though you cannot access their emails you can send emails to whoever you like.
You can also use the same Share Contact option to send an MMS. This then lets you text another number.
You will also have the ability to listen to and delete any voicemails that the user may have. I know I have just done it to myself.
You cannot get out of the phone again until you have attempted to make a call from within the breach. When the call is disconnected you are taken back to the Enter Passcode screen. You can, of course, repeat this procedure as many times as you like. From now on if I lose my phone I will not be relying on the fact that it has a passcode on it to protect myself and would advise anybody with an iPhone 3G, 3GS or 4 to contact their carrier immediately if they lose their phone and have it blocked to prevent the possibility of some bad guy making full use of your contract.
This seems a fairly major security breach and I flaw how long it will take Apple to patch it.